Skip to main content

Google Chrome EUVDEUVD-2026-40467

| CVE-2026-13781 CRITICAL
Improper Input Validation (CWE-20)
2026-06-30 chrome-cve-admin@google.com GHSA-q267-54c8-8vcg
9.6
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.6 CRITICAL
AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
vuln.today AI
7.6 HIGH

Requires a pre-compromised renderer (PR:H) and chaining plus user interaction (AC:H, UI:R); successful escape crosses the sandbox boundary (S:C) with total impact.

3.1 AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
4.0 AV:N/AC:H/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
SUSE
CRITICAL
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Jul 01, 2026 - 19:15 vuln.today
CVSS changed
Jul 01, 2026 - 17:07 NVD
9.6 (CRITICAL)
CVE Published
Jun 30, 2026 - 23:16 nvd
CRITICAL 9.6
CVE Published
Jun 30, 2026 - 23:16 cve.org
UNKNOWN (no severity yet)

DescriptionNVD

Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

AnalysisAI

Sandbox escape in Google Chrome's Skia graphics engine (versions prior to 150.0.7871.47) lets an attacker who has already compromised the renderer process break out of the browser sandbox via a crafted HTML page, achieving high-impact code execution across the security boundary (scope change). Rated Critical by Chromium and CVSS 9.6, but no public exploit is identified at time of analysis and EPSS is low (0.22%, 13th percentile). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Lure victim to crafted HTML page
Delivery
Compromise sandboxed renderer (prior bug)
Exploit
Feed malformed input to Skia
Execution
Trigger input-validation flaw
Persist
Escape sandbox to privileged process
Impact
Execute code with elevated privileges

Vulnerability AssessmentAI

Exploitation Exploitation requires that the attacker has ALREADY compromised the Chrome renderer process - this is a second-stage sandbox-escape primitive, not a standalone remote-code-execution bug. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are mixed and should be weighed carefully. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A victim visits a malicious or compromised web page that first exploits a separate renderer-level bug to run attacker code inside Chrome's sandboxed renderer, then serves crafted HTML/graphics content that feeds malformed input to Skia to escape the sandbox and execute code in a higher-privileged browser process. No public proof-of-concept is identified at time of analysis, and successful attack requires chaining with a prior renderer compromise plus user interaction (UI:R) to load the page.
Remediation Vendor-released patch: update Google Chrome to 150.0.7871.47 or later per the Chrome Stable channel advisory (https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html); Chrome normally auto-updates, so verify via chrome://settings/help and relaunch to apply the fix, and push the update through your enterprise management (GPO/MDM/admx) to ensure fleet-wide deployment. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: inventory all Chrome deployments across the organization and identify instances running pre-150.0.7871.47 versions. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Critical
Product Status
SUSE Package Hub 15 SP7 Fixed
openSUSE Tumbleweed Fixed
SUSE Package Hub 15 SP7 Affected

Share

EUVD-2026-40467 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy